Re: RFC 5321bis / 2821ter
John C Klensin <john+smtp@jck.com> Thu, 29 January 2009 16:18 UTC
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0TGIWJH024709 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 29 Jan 2009 09:18:32 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0TGIWRL024708; Thu, 29 Jan 2009 09:18:32 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f
Received: from bs.jck.com (ns.jck.com [209.187.148.211]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0TGIU3V024700 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for <ietf-smtp@imc.org>; Thu, 29 Jan 2009 09:18:31 -0700 (MST) (envelope-from john+smtp@jck.com)
Received: from [127.0.0.1] (helo=localhost) by bs.jck.com with esmtp (Exim 4.34) id 1LSZaz-000E3p-8S; Thu, 29 Jan 2009 11:18:25 -0500
Date: Thu, 29 Jan 2009 11:18:24 -0500
From: John C Klensin <john+smtp@jck.com>
To: Alessandro Vesely <vesely@tana.it>, Paul Smith <paul@pscs.co.uk>
cc: ietf-smtp@imc.org
Subject: Re: RFC 5321bis / 2821ter
Message-ID: <329705CBE49F16B7218F4E32@PST.JCK.COM>
In-Reply-To: <4981CB21.7080801@tana.it>
References: <4979D903.1060705@pscs.co.uk> <E5EF288BD222F5BA20C735BD@PST.JCK.COM> <497980AA.2060706@es2eng.com> <C4ZHRHThnSMjwwDOZ03z0w.md5@lochnagar.oryx.com> <4979B5F2.9010102@pscs.co.uk> <WBwvOp9JIdw2SWc1HYscRg.md5@lochnagar.oryx.com> <4979D903.1060705@pscs.co.uk> <5.2.1.1.0.20090123140212.03ed3fb0@plus.pop.mail.yahoo.com> <51104ACCD26E8167A1B3981E@PST.JCK.COM> <497D8756.5030306@pscs.co.uk> <alpine.LSU.2.00.0901261913140.4795@hermes-2.csi.cam.ac.uk> <497ED51D.9040407@pscs.co.uk> <497EE0EA.6080704@tana.it> <497EEB01.8060300@pscs.co.uk> <497F41FB.7060101@tana.it> <497F4765.6070109@pscs.co.uk> <497F7058.90109@santronics.com> <498025E0.7080802@pscs.co.uk> <49809046.101@santronics.com> <49816FD7.1040609@pscs.co.uk> <4981CB21.7080801@tana.it>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-ietf-smtp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smtp/mail-archive/>
List-ID: <ietf-smtp.imc.org>
List-Unsubscribe: <mailto:ietf-smtp-request@imc.org?body=unsubscribe>
--On Thursday, January 29, 2009 16:28 +0100 Alessandro Vesely <vesely@tana.it> wrote: >... >> We >> have yet to come across a recipient where if they change it >> so that it sends 'EHLO [<local ip address>]' or 'EHLO >> domain.com' it won't work, even though the first is useless >> and the second is strictly incorrect. > I'd say the second is valid, since the spec says it must not > be rejected. From an ethical POV, having a DNS record to > confirm that the domain endorses the address being used should > be preferred. (From an operations POV, users cannot read their > mail from outside the office without that.) Alessandro, I think this is what you are missing that Paul and others are trying to explain. 5321 rather carefully explains what is valid and what is not. To be valid under 5321, it must meet the syntax rules for either a Domain or for an address literal. If it looks like a Domain, it must be a resolvable FQDN. The server is also encouraged to check the relationship between the EHLO argument and whatever else it knows about the sending machine (particularly its IP address from the connection) but told that it must not reject the mail simply because whatever tests it applies at that level fails. That doesn't somehow make the argument "valid" or "invalid" as far as 5321 is concerned, it just means that an optional test failed, one whose results the server is prohibited from using to reject the message. If the intention of the text was to say "the argument to EHLO is noise and you can ignore it", that certainly could have been said, and probably should have been. The following are all perfectly valid decisions under 5321 as written: * Rejecting the EHLO command and message because the argument does not follow the syntax rules. * Rejecting the EHLO command and message because the apparent FQDN in the argument does not resolve at all in the public DNS. * Noticing that the EHLO argument does not resolve to the address obtained from the connection, writing a private-use header into the message that records that fact, and then forwarding/delivering the message anyway. * Noticing that the EHLO argument does not resolve to the address obtained from the connection, delivering the message anyway, but delivering it to a folder different from the one that would normally be used for incoming messages associated with the RCPT command address. If others disagree with that interpretation, we should discuss it. If people believe that the text needs further clarification, I'd welcome suggested text modifications. But I'm confident that the description above is what 5321 is intended to say and how it should be interpreted. Other interpretations are, IMO, a change to the spec. > OK, DNS checks can be worked around. However, I'd reckon that > it is > still easier for legitimate senders than for spammers to do > that. In many cases, actually not. > DNS/whois data has experienced a series of adjustments for the > sake of > privacy and users' right to anonymity. I accept that it should > be > possible for a user to send mail anonymously. However, I'd > refuse that > the operators of an SMTP relay may remain anonymous. Is that a > more or less universally agreed stance? It depends on _exactly_ how you define "SMTP relay". If it includes submission servers, the same privacy arguments that have been applied to senders would apply to it too. The ability to close down or restrict traffic from servers that support anonymous senders is equivalent to the ability to shut the anonymous senders down. john
- Re: RFC 5321bis / 2821ter Alessandro Vesely
- Re: RFC 5321bis / 2821ter John C Klensin
- Re: RFC 5321bis / 2821ter Alessandro Vesely
- Re: RFC 5321bis / 2821ter John C Klensin
- Re: RFC 5321bis / 2821ter David MacQuigg
- Re: RFC 5321bis / 2821ter Paul Smith
- Re: RFC 5321bis / 2821ter John C Klensin
- Re: RFC 5321bis / 2821ter Alessandro Vesely
- Re: RFC 5321bis / 2821ter Paul Smith
- Re: RFC 5321bis / 2821ter Hector Santos
- Re: RFC 5321bis / 2821ter Paul Smith
- Re: RFC 5321bis / 2821ter Alessandro Vesely
- Re: RFC 5321bis / 2821ter Paul Smith
- Re: RFC 5321bis / 2821ter Paul Smith
- Re: RFC 5321bis / 2821ter Hector Santos
- Re: RFC 5321bis / 2821ter Alessandro Vesely
- Re: RFC 5321bis / 2821ter Paul Smith
- Re: RFC 5321bis / 2821ter Alessandro Vesely
- Re: RFC 5321bis / 2821ter Hector Santos
- Re: RFC 5321bis / 2821ter Mark Andrews
- Re: RFC 5321bis / 2821ter SM
- Re: RFC 5321bis / 2821ter Paul Smith
- Re: RFC 5321bis / 2821ter John C Klensin
- Re: Submission identifiers John Leslie
- Re: RFC 5321bis / 2821ter Hector Santos
- Re: RFC 5321bis / 2821ter Alex van den Bogaerdt
- Re: RFC 5321bis / 2821ter Paul Smith
- Re: RFC 5321bis / 2821ter Tony Finch
- Re: RFC 5321bis / 2821ter Paul Smith
- Re: RFC 5321bis / 2821ter Tony Finch
- Re: RFC 5321bis / 2821ter Paul Smith
- Re: RFC 5321bis / 2821ter Alessandro Vesely
- Re: Submission identifiers Paul Smith
- Re: RFC 5321bis / 2821ter Paul Smith
- Re: Submission identifiers John C Klensin
- Re: Submission identifiers Steve Atkins
- Re: Submission identifiers David MacQuigg
- Re: RFC 5321bis / 2821ter Tony Finch
- Re: RFC 5321bis / 2821ter Jeff Macdonald
- Re: RFC 5321bis / 2821ter Jeff Macdonald
- Re: RFC 5321bis / 2821ter SM
- Re: Submission identifiers Alessandro Vesely
- Re: RFC 5321bis / 2821ter Paul Smith
- Re: Submission identifiers John Leslie
- Re: RFC 5321bis / 2821ter Steve Atkins
- Re: RFC 5321bis / 2821ter David MacQuigg
- Re: Submission identifiers John C Klensin
- Re: Submission identifiers Alessandro Vesely
- Re: Submission identifiers Arnt Gulbrandsen
- Re: Submission identifiers SM
- Re: Submission identifiers David MacQuigg
- Re: Submission identifiers John C Klensin
- Re: RFC 5321bis / 2821ter John C Klensin
- Re: Submission identifiers Alessandro Vesely
- Re: RFC 5321bis / 2821ter Alex van den Bogaerdt
- Re: RFC 5321bis / 2821ter David MacQuigg
- Re: RFC 5321bis / 2821ter John C Klensin
- Submission identifiers (was: Re: RFC 5321bis / 28… John C Klensin
- Re: RFC 5321bis / 2821ter David MacQuigg
- Re: RFC 5321bis / 2821ter Alessandro Vesely
- Re: RFC 5321bis / 2821ter John C Klensin
- Re: RFC 5321bis / 2821ter Paul Smith
- Re: RFC 5321bis / 2821ter John C Klensin
- Re: RFC 5321bis / 2821ter SM
- Re: RFC 5321bis / 2821ter Arnt Gulbrandsen
- Re: RFC 5321bis / 2821ter Matti Aarnio
- Re: RFC 5321bis / 2821ter Arnt Gulbrandsen
- Re: RFC 5321bis / 2821ter Matti Aarnio
- Re: RFC 5321bis / 2821ter Alessandro Vesely
- Re: RFC 5321bis / 2821ter Paul Smith
- Re: RFC 5321bis / 2821ter Arnt Gulbrandsen
- Re: RFC 5321bis / 2821ter Arnt Gulbrandsen
- Re: RFC 5321bis / 2821ter Willie Gillespie
- RFC 5321bis / 2821ter John C Klensin